
Ondrej Sevecek's English Pages

Comments: Securing RDWEB with ADFS

Engineering and troubleshooting by Directory Master!
MCM: Directory

Sorry, comments are disabled due to the constant load of spam

Title

Securing RDWEB with ADFS

Author

Martin Matuska

Body

Hi Ondrej,

I have tried to secure RDWEB with Reverse Proxy. As RDWEB does not support claims by design, I try to configure NON-CLAIMS APPs on ADFS and set KDC delegation in AD from WAP to Broker. (In my setup, broker / web / gw are on the same VM.) The reason is I don't want to log in twice (ADFS and RDWEB).

When I set the SPN for rdweb to the computer account, everything works. When I tried to run RDWEB not under ApplicationPoolIdentity but under a particular user (and preregister SPN from computer to that user), I got an issue with preauthentication. When I bypass WAP, everything works. With ADFS preauth, I am getting error 500:

DOM7011: The code on this page disabled back and forward caching.

Do you have any idea what can be wrong / did you ever try to secure your setup with WAP + ADFS?

BTW: On MS I found some howtos, but I did not get the point why they are setting up a Claims relying party trust when claims are not supported on RDWEB.

Created at 14/02/2017 14:34 by  
Last modified at 14/02/2017 14:34 by